Mobile devices typically rely on entry-point and other one-time authentication mechanisms such as a password, PIN, fingerprint, iris, or face. But these authentication types are prone to a wide attack vector and worse still, once compromised, fail to protect the user's account and data. In contrast, continuous authentication, based on traits of human behavior, can offer additional security measures in the device to authenticate against unauthorized users, even after the entry-point and one-time authentication has been compromised. To this end, we have collected a new data-set of multiple behavioral biometric modalities (49 users) when a user fills out an account recovery form in sitting using an Android app. These include motion events (acceleration and angular velocity), touch and swipe events, keystrokes, and pattern tracing. In this paper, we focus on authentication based on motion events by evaluating a set of score level fusion techniques to authenticate users based on the acceleration and angular velocity data. The best EERs of 2.4% and 6.9% for intra- and inter-session respectively, are achieved by fusing acceleration and angular velocity using Nandakumar et al.'s likelihood ratio (LR) based score fusion.
1 INTRODUCTION
Currently smartphones are predominantly protected a patterned password is prone to smudge attacks, and fingerprint scanning is prone to spoof attacks. Other forms of attacks include video capture and shoulder surfing. Given the increasingly important roles smartphones play in e-commerce and other operations where security is crucial, there lies a strong need of continuous authentication mechanisms to complement and enhance one-time authentication such that even if the authentication at the point of login gets compromised, the device is still unobtrusively protected by additional security measures in a continuous fashion. The research community has investigated several continuous authentication mechanisms based on unique human behavioral traits, including typing, swiping, and gait. To this end, we focus on investigating physiological traits. While interacting with hand-held devices, individuals strive to achieve stability and precision. This is because a certain degree of stability is required in order to manipulate and interact successfully with smartphones, while precision is needed for tasks such as touching or tapping a small target on the touch screen (Sitová et al., 2015). As a result, to achieve stability and precision, individuals tend to develop their own postural preferences, such as holding a phone with one or both hands, supporting hands on the sides of upper torso and interacting, keeping the phone on the table and typing with the preferred finger, setting the phone on knees while sitting cross-legged and typing, supporting both elbows on chair handles and typing. On the other hand, physiological traits, such as hand-size, grip strength, muscles, age,
Ray, A., Hou, D., Schuckers, S. and Barbir, A. Continuous Authentication based on Hand Micro-movement during Smartphone Form Filling by Seated Human Subjects. DOI: 10.5220/0010225804240431. In Proceedings of the 7th International Conference on Information Systems Security and Privacy (ICISSP 2021), pages 424-431. ISBN: 978-989-758-491-6. Copyright © 2021 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved.
Multi-Modality Mobile Datasets for Behavioral Biometrics Research: Data/Toolset paper
The ubiquity of mobile devices nowadays necessitates securing the apps and user information stored therein. However, existing one-time entry-point authentication mechanisms and enhanced security mechanisms such as Multi-Factor Authentication (MFA) are prone to a wide vector of attacks. Furthermore, MFA also introduces friction to the user experience. Therefore, what is needed is continuous authentication that once passing the entry-point authentication, will protect the mobile devices on a continuous basis by confirming the legitimate owner of the device and locking out detected impostor activities. Hence, more research is needed on the dynamic methods of mobile security such as behavioral biometrics-based continuous authentication, which is cost-effective and passive as the data utilized to authenticate users are logged from the phone's sensors. However, currently, there are not many mobile authentication datasets to perform benchmarking research. In this work, we share two novel mobile datasets (Clarkson University (CU) Mobile datasets I and II) consisting of multi-modality behavioral biometrics data from 49 and 39 users respectively (88 users in total). Each of our datasets consists of modalities such as swipes, keystrokes, acceleration, gyroscope, and pattern-tracing strokes. These modalities are collected when users are filling out a registration form in sitting both as genuine and impostor users. To exhibit the usefulness of the datasets, we have performed initial experiments on selected individual modalities from the datasets as well as the fusion of simultaneously available modalities.
- Award ID(s): 2122746
- PAR ID: 10422316
- Date Published:
- Journal Name: CODASPY '23: Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy
- Page Range / eLocation ID: 73 to 78
- Format(s): Medium: X
- Sponsoring Org: National Science Foundation
More Like this
- With the growing popularity of smartphones, continuous and implicit authentication of such devices via behavioral biometrics such as touch dynamics becomes an attractive option, especially when the physical biometrics are challenging to utilize and their frequent and continuous usage annoys the user. This paper presents a touchstroke authentication model based on several classification algorithms and compares their performance in authenticating legitimate smartphone users. The evaluation results suggest that it is possible to achieve comparable authentication accuracies with an average accuracy of 91% considering the best performing model. This research is supervised by Dr. Debzani Deb (debd@wssu.edu), Department of Computer Science at Winston-Salem State University, NC.
- Utilization of the Internet in our everyday lives has made us vulnerable in terms of privacy and security of our data and systems. Therefore, there is a pressing need to protect our data and systems by improving authentication mechanisms, which are expected to be low cost, unobtrusive, and ideally ubiquitous in nature. Behavioral biometric modalities such as mouse dynamics (mouse behaviors on a graphical user interface (GUI)) and widget interactions (another modality closely related to mouse dynamics that also considers the target (widget) of a GUI interaction, such as links, buttons, and combo-boxes) can bolster the security of existing authentication systems because of their ability to distinguish individuals based on their unique features. As a result, it can be difficult for an imposter to impersonate these behavioral biometrics, making them suitable for authentication. In this article, we survey the literature on mouse dynamics and widget interactions dated from 1897 to 2023. We begin our survey with an account of the psychological perspectives on behavioral biometrics. We then analyze the literature along the following dimensions: tasks and experimental settings for data collection, taxonomy of raw attributes, feature extractions and mathematical definitions, publicly available datasets, algorithms (statistical, machine learning, and deep learning), data fusion, performance, and limitations. We end the paper by presenting challenges and promising research opportunities.
- Multifactor authentication (MFA) is one of the most important security controls, topping most lists of cyber hygiene activities advocated by experts. While the security benefits may be substantial, less attention has been paid to the impact on users by the added friction introduced by the more stringent precautions. In this paper, we construct and analyze a dataset of authentication logs from a University population spanning two years. We focus on opportunity costs experienced by users: (1) log-in failures and (2) the time spent away from IT applications following a failed authentication before attempting to re-authenticate. The second measure captures how user frustration can manifest by avoiding or delaying future engagement after experiencing failures. Following an exogenous change in MFA policy from a deny/approve mobile notification to a more cumbersome two-digit code mobile notification confirmation, we show that there are significant increases in the number of log-in failures and in time spent away following failures when using mobile MFA. We also briefly examine which types of users had the greatest difficulty adjusting to the more secure mobile MFA procedure.
- With the growing popularity of smartphones, continuous and implicit authentication of such devices via behavioral biometrics such as touch dynamics becomes an attractive option, especially when the physical biometrics are challenging to utilize, or their frequent and continuous usage annoys the user. However, touch dynamics is vulnerable to potential security attacks such as shoulder surfing, camera attack, and smudge attack. As a result, it is challenging to rule out genuine imposters while only relying on models that learn from real touchstrokes. In this paper, a touchstroke authentication model based on Auxiliary Classifier Generative Adversarial Network (AC-GAN) is presented. Given a small subset of a legitimate user's touchstroke data during training, the presented AC-GAN model learns to generate a vast amount of synthetic touchstrokes that closely approximate the real touchstrokes, simulating imposter behavior, and then uses both generated and real touchstrokes in discriminating the real user from the imposters. The presented network is trained on the Touchanalytics dataset and the discriminability is evaluated with popular performance metrics and loss functions. The evaluation results suggest that it is possible to achieve comparable authentication accuracies with Equal Error Rate ranging from 2% to 11% even when the generative model is challenged with a vast number of synthetic data that effectively simulates an imposter behavior. The use of AC-GAN also diversifies generated samples and stabilizes training.